DoD Outlines China's Spying on U.S. IT

A new Defense Department report directly accuses the Chinese military and government of consistently targeting the computers of governments worldwide, including the United States, to collect intelligence.

"The information targeted could potentially be used to benefit China's defense industry, high technology industries and policymaker interest in U.S. leadership thinking on key China issues," the report says.

At a briefing to address China's cybercapabilities, David Helvey, DoD deputy assistant secretary of defense for East Asia, says the Chinese army continues to develop doctrine, training and exercises that emphasize information technology and operations.

China's intensive campaign to spy on U.S. military and government computers has received much attention in the past year. Last fall, Congress held hearings about how the Chinese government could use its high-tech vendors to adapt technology sold to the U.S. to spy on computer systems [see House Panel: 2 Chinese Firms Pose IT Security Risks]. The IT security company Mandiant in February issued a scathing report detailing the activities of a Chinese military unit to spy on the United States [see 6 Types of Data Chinese Hacker Pilfer]. Top military and defense leaders, including President Obama, have said they have raised concerns about e-spying with Chinese leaders [see Obama Raises IP Theft with New China Leader].

Blunt Report

What's significant about the new Pentagon report is the straightforward approach it takes to accuse the Chinese military of targeting critical U.S. government and military systems to strengthen its economic and military presence in the world. The report, though, doesn't identify specific systems breached, provide an assessment of the success of the intrusions or document specific methods used to hack into systems.

Also missing from the report was any mention of American activities to spy on foreign governments, including China. Gen. Keith Alexander, commander of the Cyber-Command and director of the National Security Agency, earlier this year announced plans to form offensive cyber-units aimed to attack foreign computers if necessary.

The 92-page report says the pilfered information could give Chinese military planners a picture of U.S. defense networks, logistics, and related military capabilities that could be exploited during a crisis.

"Although this alone is a serious concern, the accesses and skills required for these intrusions are similar to those necessary to conduct computer network attacks," says the report, which references a Chinese 2010 Defense white paper that notes China's own concern over foreign cyber-warfare efforts and highlights the importance of cybersecurity in China's national defense.

3 Key Areas

The DoD report identifies three key areas in which the e-spying could benefit China's cyber-warfare capabilities:

Constrain an adversary's actions or slow response time by targeting network-based logistics, communications and commercial activities; and

Serve as a force multiplier when coupled with kinetic attacks during times of crisis or conflict.

The report says China's development of cybercapabilities for warfare is consistent with authoritative Chinese military writings. According to the report, two military doctrinal writings, Science of Strategy and Science of Campaigns, identify information warfare as integral to achieving information superiority and as an effective means for countering a stronger foe. Neither document identifies the specific criteria for employing a computer network attack against an adversary, though both advocate developing capabilities to compete in this medium.

Pentagon analysts also note China's increased diplomatic engagement and advocacy in multilateral and international forums where cyber-issues are discussed and debated. "Beijing's agenda is frequently in line with Russia's efforts to promote more international control over cyber-activities," the report says. "China and Russia continue to promote an information security code of conduct that would have governments exercise sovereign authority over the flow of information and control of content in cyberspace."

The DoD report contends both governments continue to play a disruptive role in multilateral efforts to establish transparency and confidence-building measures in international forums. "Although China has not yet agreed with the U.S. position that existing mechanisms, such as international humanitarian law, apply in cyberspace, Beijing's thinking continues to evolve," the report says.

About the Author

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
